You will most likely have to restore your entire OS, then restore the sites on your server. Usually your data center will give you a fresh installation and let you mount your current hard drive temporarily so you can transfer your data.

You should consult a pro server admin and/or your data center for information on how to do this.

Even if you could access your server, you would need to consider it compromised and any number of backdoors installed.

You will need to have the OS reinstalled and then secure the server when you are done. I would suggest you hire a third party to do this (I use a third party to verify and make changes even though I have in house staff and can do it myself)

If you would like a personal recommendation for a third party, PM me and I will send you a link

PartnerNOC

Please help! My entire server has been hacked and i can't enter WHM and Cpanel anymore.

Every index page has been changed and i don't know why.

In which way i can resolve? I have unistall Cpanel?

Click to expand...

Before you do a OS reload, you need to assess the damage done on your server. Ask your data center to reset your password, SSH to the server, run rkhunter, chkrootkit and any other tools you might have, then check the log files. If your system is unstable and behaving weird, backup your data and ask your DC to do a OS reload ASAP.

Andy Reed
CCNA, RHCE, and Ubuntu TechnologistServerTune.com

Stop hovering to collapse...Click to collapse...Hover to expand...Click to expand...

PartnerNOC

If you are referring to clients' data, you'll have to clean up any hacking/spamming tools downloaded and installed on your clients' virtual servers. There are few good scripts that scan your files for vulnerability.

Andy Reed
CCNA, RHCE, and Ubuntu TechnologistServerTune.com

Stop hovering to collapse...Click to collapse...Hover to expand...Click to expand...

Cleaning is bad advice if the box was rooted. You could clean 90% of the files and still worry that other 10% is still compromised in some way. An OS reload assures you that the box is, in fact, clean and you can rebuild from there. This sounds more like a script kiddie got in, so a reload might be drastic. But better to be safe then sorry! GL to the OP.

Cleaning is bad advice if the box was rooted. You could clean 90% of the files and still worry that other 10% is still compromised in some way. An OS reload assures you that the box is, in fact, clean and you can rebuild from there. This sounds more like a script kiddie got in, so a reload might be drastic. But better to be safe then sorry! GL to the OP.

Click to expand...

i was referring to clients' data files that should be backedup before OS reload

if clients' data files can be cleaned then why OS reload ?

if clients' data files can be cleaned by 90% and theres a chance of 10% the data still infected, then restoring the infected backup AFTER OS realod will not solve the problem

PartnerNOC

i was referring to clients' data files that should be backedup before OS reload

if clients' data files can be cleaned then why OS reload?

Click to expand...

A server compromise means that malicious attackers can modify or even replace binary applications/packages, read and write to your files, or destroy the data on your server, rendering the system useless. Use your best judgement!

An attacker with the right set of tools and ready-made exploits can bring down a vulnerable server in minutes. For this reason, it is crucial to always patch, secure and optimize your server and related software.

Andy Reed
CCNA, RHCE, and Ubuntu TechnologistServerTune.com

Stop hovering to collapse...Click to collapse...Hover to expand...Click to expand...